1. INTRODUCTION


The risk management strategy of the Central Karoo District Municipality deals with 
the major intended and emergent initiatives taken by and involving the utilisation of 
its resources to reduce risk in the District Municipality. 

These strategies may include acceptance, avoidance, mitigating and transferring 
of risk. 

The risk management strategy outlines a high level plan on how the District 
Municipality will go about implementing its risk management policy. 

The risk management strategy contains the following five main elements: 

• Structural configuration 


This element describes how the institution will be structured in terms of 
committees and reporting lines to give effect to the risk management policy; 

• Accountability, roles and responsibilities 


This element describes the authority and delegation of responsibilities to give 
effect to the risk management policy. 

• Risk management activities 


This element includes the risk assessment processes and methodologies, 
monitoring activities and risk reporting standards to give effect to the risk 
management policy. 

• Monitoring of the achievement of the risk management strategy 


This element includes assessment of whether or not key milestones are 
achieved. More importantly it is also monitoring whether the risk 
management strategy is producing the sustainable outcomes as originally 
envisaged.

• Assurance activities


This element considers all assurance providers available to the institution 
and integration of their scope of responsibility. 


2. RISK MANAGEMENT STRATEGY 


Structural configuration 

The District Municipality will implement the following structure to give effect to its Risk 
Management Policy: 

> Council: The Council will strive within its capacity to achieve the objectives set 
out in Section 152 of the Constitution. 

> The Executive Authority will be as follows: 


For the District Municipality: The Accounting Officer and the Directors (Section 
57 employees) of the District Municipality 

> The Accounting Officer will be as follows: 


For the District Municipality: The Municipal Manager 

For any Municipal Entity of which this District Municipality is the parent: The 
Chief Executive Officer 

> The Chief Risk Officer will be appointed by the Municipal Manager, be it an
employee with the designation of Chief Risk Officer or an employee with the
delegated responsibilities of a Chief Risk Officer.

> The Risk Management committee will consist of:

• A member of the Audit Committee (not in the employ of the Institution); 

• Representatives of senior management: 

- The Municipal Manager 

- The Senior Manager: Finance (Chief Financial Officer) 

- The Senior Manager: Corporate Services 

- The Director Technical Services 

> Standing invitees to the Committee shall be: 

• Chief Risk Officer; 

• Chief Audit Executive, 

• Any other person who may be co-opted to provide specialist skills, advice 
and counsel. 

> The Risk Champions will be at least one designated Section Head from each of 
the Directorates of the District Municipality. 

> The Audit Committee will be the Committee Members as appointed by Council. 

> The Internal Audit service will be provided by the District Municipality’s Internal 
Audit Unit or an external service provider (co-sourced / outsourced function). 

> Other staff, who also have a role in Risk Management, are employees within the
District Municipality with non-specific risk management responsibilities.


3. ACCOUNTABILITY, ROLES AND RESPONSIBILITIES 


Legislating the implementation of risk management in public sector institutions is 
part of a macro strategy of Government towards ensuring the achievement of 
national goals and objectives. 

ACCOUNTING AUTHORITY 

1) Legal Mandate 


The following legislative instruments provide the legal foundation for the 
Accounting Authority’s responsibility for risk management:

For the District Municipality

Section 62 (1)(c)(i) of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA). 


For Municipal Entities 

Section 95 (c)(i) of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA). 

2) Role and Responsibilities 


To derive optimal benefits, risk management ought to be conducted in a 
systematic manner, using proven methodologies, tools and techniques. 

The Accounting Officer must ensure that the responsibility for risk 
management vests at all levels of management and that it is not only limited to 
the Accounting Officer. The Accounting Officer must also ensure that a risk 
assessment is conducted regularly to identify emerging risks. 

High level responsibilities of the Accounting Officer include: 

• Setting the tone at the top by supporting ERM and allocating resources 
towards the implementation thereof; 

• Establishing the necessary structures and reporting lines within the 
institution to support ERM; 

• Approving the risk management strategy, risk management policy, risk 
management implementation plan and fraud risk management policy; 

• Approving the institution’s risk appetite and risk tolerance; 


• Influencing an institutional “risk aware” culture;

• Approving the code of conduct for the institution and holding
management and officials accountable for adherence;

• Place the key risks at the forefront of the management agenda and
devote personal attention to overseeing their effective management;

• Hold management accountable for designing, implementing, monitoring
and integrating risk management principles into their day-to-day
activities;

• Holding the structures responsible for risk management activities
accountable for adequate performance;

• Ensuring that a conducive control environment exists to ensure that
identified risks are proactively managed;

• Leverage the Audit Committee, Internal Audit, Risk Management
committee and other appropriate structures for assurance on the
effectiveness of risk management;

• Provide all relevant stakeholders with the necessary assurance that key
risks are properly identified, assessed, mitigated and monitored;

• Consider and act on recommendations from the Audit Committee,
Internal Audit, Risk Management Committee and other appropriate
structures for improving the overall state of risk management;

• Provide appropriate leadership and guidance to senior management
and structures responsible for various aspects of risk management.

• Awareness of and concurring with the institution’s risk appetite and
tolerance levels;



• Reviewing the institution’s portfolio view of risks and considering it against
the institution’s risk tolerance;

• Influencing how strategy and objectives are established, institutional 
activities are structured, and risks are identified, assessed and acted 
upon; 

• Requiring that management should have an established set of values
by which every employee should abide;

• Insist on the achievement of objectives, effective performance 
management and value for money. 

• The design and functioning of control activities, information and 
communication systems, and monitoring activities; 

• The quality and frequency of reporting; 

• The way the institution is managed including the type of risks accepted; 

• The appropriateness of reporting lines; 

• Assign responsibility and authority; 

• Insist on accountability. 


3) Evaluation 


To measure the Accounting Officer’s effectiveness in leading the institution’s
ERM in contributing to the institution’s goals and objectives, clear objectives
and key performance indicators have been set for the Officer in respect of risk
management, as included in his Performance Contract. The Accounting
Officer will be evaluated in terms of the requirements set out in the
Performance Regulations for Municipal Managers and Managers accountable
to Municipal Managers.

CHIEF RISK OFFICER (CRO) 

a) Legal mandate 


Legislating the implementation of risk management in public sector institutions 
is part of a macro strategy of Government towards ensuring the achievement 
of national goals and objectives. 

The CRO is bound by the legislation applicable to “other Personnel”, as set out 
below. 

The following legislative instruments provide the legal foundation for risk 
management for “Other Personnel”. 

For Municipalities 

Section 78 of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA) 

For Municipal Entities 

Section 105 of the Municipal Finance Management Act (Act 56 of 
2003)(MFMA) 

b) Role and Responsibilities 

The primary responsibility of the CRO is to bring to bear his / her specialist 
expertise to assist the institution to embed and leverage the benefits of risk 
management to achieve its stated objectives. 

To derive optimal benefits, risk management ought to be conducted in a 
systematic manner, using proven methodologies, tools and techniques. 
Focusing on enterprise-wide risk management programmes, the CRO is 
tasked with the overall efficiency of the ERM function. This is inclusive of the 
embedding of risk management practices and fostering a risk aware culture 
within the institution.

The CRO effectively assumes the role of institutional advocate for ERM and
brings specialist expertise to assist in integrating risk management throughout 
the institution. 

High level responsibilities to achieve this include: 

• Working with senior management to develop the overall enterprise risk 
management vision, risk management strategy, risk management 
policy, as well as risk appetite and tolerance levels for approval by the 
Accounting Authority / Officer; 


• Communicating the risk management policy, risk management strategy 
and risk management implementation plan to all stakeholders in the 
institution; 


• Setting up of the risk management structure and risk management 
reporting lines within the institution; 


• Continuously driving the risk management process towards best 
practice; 


• Developing a common risk assessment methodology that is aligned 
with the institution’s objectives at strategic, tactical and operational 
levels for approval by the Accounting Authority / Officer; 

• Coordinating risk assessments within the institution / directorate / 
department / section / on a regular basis; 


• Sensitising management timeously of the need to perform risk 
assessments for all major changes, capital expenditure, projects, 
institutional restructuring and similar events, and assist to ensure that 
the attendant processes, particularly reporting, are completed efficiently 
and timeously; 


• Assisting management in developing and implementing risk responses 
for each identified material risk;

• Ensuring effective information systems exist to facilitate overall risk
management improvement within the institution;

• Continuously transferring risk management principles and practices, 
through training interventions, to all stakeholders within the institution; 


• Advising management in the development of financing structures; 


• Performing an analysis to identify emerging risks facing the institution 
for further action and intervention; 


• Collating and consolidating the results of the various assessments 
within the institution; 


• Analysing the results of the assessment process to identify trends, 
within the risk and control profile, and develop the necessary high level 
control interventions to manage these trends; 


• Compiling the necessary reports to the Risk Management Committee; 


• Providing input into the development and subsequent review of the 
fraud prevention strategy, business continuity plans, occupational 
health, safety and environmental policies and practices and disaster 
management plans. 


In addition to the above mentioned high level responsibilities the CRO 
needs to possess certain attributes to function effectively and efficiently.

c) Evaluation


To measure the CRO’s effectiveness in leading the institution’s ERM in
contributing to the institution’s goals and objectives, key performance
indicators will be set for the CRO in respect of risk management. The
following key performance indicators for the CRO will be considered:

• Maturity on the implementation of the ERM Framework; 

• Risk management structures active and credible; 

• Realistic risk management implementation plan achieved; 

• Proactive identification of emerging risks to minimize unforeseen risks; 

• Implementation progress achieved of Loss prevention Programme; 

• Lack of surprises;

• Updated risk profile of the institution; 

• Updated action plans for all material risks. 

Evaluation will be performed by the Accounting Officer on an annual basis. 

RISK COMMITTEE 

a. Legal Mandate 

There is currently no legal mandate for the establishment of a Risk 
Management committee. However, National Treasury determines that the 
role of the Risk Management Committee is to develop goals, objectives and 
key performance indicators for the committee for approval by the 
Accounting Officer. 

b. Role and Responsibilities 

The Risk Management committee is responsible for assisting the 
Accounting Officer in addressing its oversight requirements of risk 
management and evaluating and monitoring the institution’s performance 
with regards to risk management. The role of the Risk Management 
Committee is to formulate, promote and review the institution’s ERM 
objectives, strategy and policy and monitor the process at strategic, 
management and operational levels. 





In discharging its oversight responsibilities relating to risk management, the 
Risk Management committee has the following high level responsibilities: 

• Review the risk management policy and strategy and recommend for 
approval by Council; 

• Review the risk appetite and tolerance and recommend for approval
by Council;

• Review the institution’s risk identification and assessment 
methodologies to obtain reasonable assurance of the completeness 
and accuracy of the risk register; 

• Evaluate the effectiveness of mitigating strategies to address the 
material risks of the Institution; 

• Report to the Accounting Officer any material changes to the risk 
profile of the Institution; 

• Review the fraud prevention policy and recommend for approval by 
Council; 

• Evaluate the effectiveness of the implementation of the fraud 
prevention policy; 

• Review any material findings and recommendations by assurance 
providers on the system of risk management and monitor that 
appropriate action is instituted to address the identified weaknesses; 

• Develop goals, objectives and key performance indicators for the 
Committee for approval by the Accounting Officer; 

• Develop goals, objectives and key performance indicators to 
measure the effectiveness of the risk management activity; 

• Set out the nature, role, responsibility and authority of the risk 
management function within the Institution for approval by the 
Accounting Officer, and oversee the performance of the risk 
management function;

• Provide proper and timely reports to the Accounting Officer on the
state of risk management, together with aspects requiring 
improvement accompanied by the Committee’s recommendations to 
address such issues. 

c. Evaluation 

To measure the Risk Management committee’s effectiveness in the 
institution’s ERM in contribution to the institution’s goals and objectives, 
clear objectives and key performance indicators have been set for the Risk 
Management Committee in respect of risk management. The key 
performance indicators for the Risk Management committee are: 

• Risk Management Policy and Risk Management Strategy and 
Framework approved for the financial year; 

• Risk Management Implementation Plan approved; 

• Annually report on the submission of risks equal to or greater than the risk
appetite to Risk Committee;

• Review the Risk Appetite as per the Risk Management Policy; 

• Quarterly progress report of the approved Implementation Plan; 

• Submission of approved Risk Committee minutes to the Audit 
Committee on a quarterly basis; 

• Submission of a statement / report from Risk Committee Chair to the 
Audit Committee regarding the Risk Committee’s performance as per 
the Key Performance Indicators on an annual basis. 

The Risk Committee will be evaluated by the Mayoral Committee on an annual 
basis. 

AUDIT COMMITTEE 

a) Legal Mandate 

Legislating the implementation of risk management in public sector 
institutions is part of a macro strategy of Government towards ensuring the 
achievement of national goals and objectives. The following legislative 
instruments provide the legal foundation for the Audit Committee’s 
responsibility for risk management:

District Municipality

Section 166 of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA) 

Municipal Entities 

Municipal Finance Management Act (Act 56 of 2003) (MFMA) 

b) Role and Responsibilities 


The Audit Committee is responsible for providing the Accounting Officer
with independent counsel, advice and direction in respect of risk
management. The stakeholders rely on the Audit Committee for an 
independent and objective view of the institution’s risks and effectiveness 
of the risk management processes. 

In this way, the Audit Committee provides valuable assurance that 
stakeholder interests are protected. 

In discharging its oversight responsibilities relating to risk management, 
the audit committee: 

• Gains thorough understanding of the risk management policy, risk 
management strategy, risk management implementation plan, and 
fraud risk management policy of the institution to enable them to add 
value to the risk management process when making 
recommendations to improve the process; 

• Reviews and critiques the risk appetite and risk tolerance, and 
recommends this for approval by Council; 

• Reviews the completeness of the risk assessment process 
implemented by management to ensure that all possible categories 
of risks, both internal and external to the institution, have been 
identified during the risk assessment process. This includes an 
awareness of emerging risks pertaining to the institution; 

• Reviews the risk profile and management action plans to address the 
risks;

• Reviews the adequacy of adapted risk responses;

• The audit committee must monitor the progress made with the
management action plan;

• Reviews the progress made with regards to the implementation of
the risk management strategy of the institution;

• Facilitates and monitors the coordination of all assurance activities
implemented by the institution;

• Reviews and recommends any risk disclosures in the annual
financial statements;

• Provides regular feedback to the Accounting Officer on the
effectiveness of the risk management process implemented by the
institution;

• Review the process implemented by Management in respect of fraud
prevention and ensure that all fraud related incidents have been
followed up appropriately;

• Reviews and ensures that the internal audit plans are aligned to the
risk profile of the institution;

• Review the effectiveness of the internal audit assurance activities
and recommends appropriate action to address any shortcomings.

• Review the combined assurance model.



RISK CHAMPIONS 


(i) Legal Mandate 


Legislating the implementation of risk management in public sector 
institutions is part of a macro strategy of Government towards ensuring the 
achievement of national goals and objectives. The Risk Champions are 
bound by the legislation applicable to “Other Personnel”, as set out below. 


For Municipalities 

Section 78 of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA). 

For Municipal Entities 

Section 105 of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA). 


(ii) Role and Responsibilities 


The Risk champion is a person with the skills, knowledge and leadership 
required to champion the risk management cause. 

A key part of the Risk Champion’s responsibility involves escalating 
instances where the risk management efforts are stifled, such as when 
individuals try to block ERM initiatives. The Risk champion also adds 
value to the risk management process by providing guidance and support 
to manage “problematic” risks and risks of a transversal nature. 

The Risk Champion acts as a change agent in the ERM process and is 
distinguished from risk co-ordinators as they are trouble shooters that 
facilitate resolution of risk related problems. 

In order to be an effective and efficient risk champion, he / she must: 


• Have a good understanding of risk concepts, principles and processes;

• Have good analytical skills to assist with the analysis of root
causes to risk problems; 

• Leadership and motivational qualities; 

• Have good communication skills. 

(iii) Evaluation 


To measure the Risk Champion’s effectiveness in the institution’s ERM in 
contributing to the institution’s goals and objectives, clear objectives and 
key performance indicators should be set for the Risk Champion in respect 
of risk management. The key performance indicators for the Risk 
Champion are: 

• Resolution of problems identified. 


MANAGEMENT 

(1) Legal Mandate 

Management are bound by the legislation applicable to “other Personnel”, 
as set out below. 

For Municipalities 

Section 78 of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA) 

For Municipal Entities 

Section 105 of the Municipal Finance Management Act (Act 56 of 2003) 
(MFMA) 

(2) Role and Responsibilities 

Management is accountable to the Accounting Officer for designing, 
implementing and monitoring risk management, and integrating it into the 
day-to-day activities of the institution. This needs to be done in such a 
manner as to ensure that risk management becomes a valuable strategic 
management tool for underpinning the efficacy of service delivery and 
value for money.

In discharging their high level responsibilities relating to risk management,
Management: 

• Acknowledges the “ownership” of risks within their functional areas 
and all responsibilities associated with managing such risks; 

• Cascades risk management into their functional responsibilities; 


• Empowers officials to perform adequately in terms of risk 
management responsibilities through proper communication of 
responsibilities, comprehensive orientation and ongoing opportunities 
for skills development; 


• Holds officials accountable for their specific risk management 
responsibilities; 


• Maintains the functional risk profile within the institution’s risk 
tolerance and appetite; 


• Provides reports on the functional risk management consistent with 
the institution’s reporting protocols (including appearing before 
committees); 


• Aligns the functional and institutional risk management 
methodologies and processes; 


• Implements the directives of the Accounting Officer concerning risk 
management; 


• Maintains a harmonious working relationship with the CRO and 
supports the CRO in matters concerning the functions risk 
management; 

• Maintains a harmonious working relationship with the Risk Champion
and supports the Risk Champion in matters concerning the functions

• Keeps key functional risks at the forefront of the management
agenda and devotes personal attention to overseeing the
management of these risks.


(3) Evaluation 

To measure the Management’s effectiveness in the institution’s ERM in 
contributing to the institution’s goals and objectives, clear objectives and key 
performance indicators should be set for the Management in respect of risk 
management. The key performance indicators for the Management are: 

• The business unit’s performance against key service delivery indicators, 
including comparison of year-on-year performance; 

• Implementation level of the ERM Framework within their business unit; 

• Implementation of credible risk management structures within their 
business unit; 

• Proactive identification of emerging / new risks to avoid surprises; 

• Zero contravention notices served by authorities; 

• Service delivery performance and improvement; 

• Improvement in efficiency ratios for service delivery; 

• % achievement of KPIs;

• Updated risk registers; 

• Updated action plans; 

• Actual effectiveness of controls validated; 

• Year-on-year reduction in incidents/losses; 

• Implementation progress achieved of Loss Prevention Programme; 

• Reduction in fraud; 

• Reduction in stakeholder complaints.

OTHER STAFF


1) Legal Mandate 

The following legislative instruments provide the legal foundation for Other 
Personnel’s responsibility for risk management: 

For Municipalities 

Section 78 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA) 

For Municipal Entities 

Section 105 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA) 

2) Role and Responsibilities 


Other Personnel are accountable to their Management for implementing and 
monitoring the process of risk management and integrating it into their day-to-day 
activities. 

High level responsibilities include: 


• Familiarity with the overall enterprise risk management vision, risk 
management strategy, fraud risk management policy and risk management 
policy; 

• Acting in terms of the spirit and letter of the above; 

• Acting within the risk appetite and tolerance levels set by the business unit; 

• Adhering to the code of conduct for the institution; 

• Maintaining the functioning of the control environment, information and 
communication as well as the monitoring systems within their delegated 
responsibility; 

• Providing information and cooperation with other role players; 

• Participation in risk identification and risk assessment within their business 
unit;

• Implementation of risk responses to address the identified risks.

INTERNAL AUDIT 


1) Legal Mandate 


The following legislative instruments provide the legal foundation for Internal 
Audit’s responsibility for risk management: 

Municipalities 

• Section 165(2)(b)(iv) of the Municipal Finance Management Act (Act 56 
of 2003) (MFMA); 

• International standards for the Professional Practice of Internal Auditing 

- Performance standard 2110. 

Municipal Entity 

• Section 165(2)(b)(iv) of the Municipal Finance Management Act (Act 56 
of 2003) (MFMA); 

• International standards for the Professional Practice of Internal Auditing 

- Performance standard 2110. 


2) Role and Responsibilities 

Responsibilities of Internal Audit in risk management include: 

• Reviewing the risk philosophy of the institution. This includes the risk 
management policy, risk management strategy, fraud prevention plan, 
risk management reporting lines, the values that have been developed 
for the institution; 

• Reviewing the appropriateness of the risk tolerance levels set by the 
institution taking into consideration the risk profile of the institution;

• Providing assurance over the design and functioning of the control
environment, information and communication systems and the 
monitoring systems; 

• Providing assurance over the institution’s risk identification and 
assessment processes; 

• Utilising the results of the risk assessment to develop long term and 
current year internal audit plans; 

• Providing independent assurance as to whether the risk management 
strategy, risk management implementation plan and fraud prevention 
plan have been effectively implemented within the institution; 

• Providing independent assurance over the adequacy of the control 
environment. This includes providing assurance over the effectiveness 
of the internal controls implemented to mitigate the identified risks. 


4. RISK MANAGEMENT ACTIVITIES 


The following are the risk management activities that the District Municipality will 
implement together with the methodology that will be applied in each case: 


RISK ASSESSMENT 

The District Municipality will as far as possible conduct an enterprise risk
assessment annually, i.e. one that will include every directorate, department and
section, however small or seemingly insignificant, and no such directorate,
department or section may exclude itself from the assessment. Due to the limited
resources available to the contracted internal auditors, the project would in all 
likelihood be conducted by an external service provider. Workshops will be held, 
per directorate, to be attended by the relevant Director and all his Managers. After 
conclusion of the workshops and scrutiny of the draft result of the assessment, 
copies of the final document will be distributed to each directorate.

It goes without saying that such an Assessment must be conducted in accordance
with the IIA Standards. 


RISK TOLERANCE 

It is important for the institution to make an informed decision on how much risk it 
accepts as part of normal management practice. Setting risk tolerance is a 
collective senior management responsibility. The output is a clearly defined 
tolerable level of risk established through a rigorous process of analysis and expert 
management judgement. Depending on the nature of the risk the tolerance may
be expressed either in qualitative or quantitative terms.

RISK MITIGATION 

After the risk tolerance has been determined, those risks that exceed the level are 
to receive immediate attention by: 

• Revisiting the existing controls that are inadequate; 

• Designing / redesigning processes that provide controls that will mitigate the 
risk; 

• Obtain expert advice from knowledgeable persons / companies, etc; 

• To obtain the best possible result, actions taken in redesigning controls 
should be done through a collective process by the Director / Manager with 
their staff who can often make valuable contributions to finding solutions. 


MONITORING OF RISK MITIGATION 

The Accounting Officer is ultimately responsible in ensuring that risks that require 
mitigation receive the necessary attention by enhancing existing / designing new 
control measures. However, the directors assume delegation of this duty and 
ensure that risk management is carried through to the managers and all other 
staff. The Risk committee has the responsibility of monitoring the increase in the 
level of the control environment. The Chief Audit Executive also has the 
responsibility in the development of the combined assurance plan for the District 
Municipality. Factors inhibiting the implementation of new or revised controls to 
reduce the risk exposure should be reported to the Risk Committee.

RISK REPORTING STANDARDS


Over and above the annual enterprise risk assessment, risks need to be identified 
and reported as soon as possible. This will assist in curbing potential and actual 
loss. 

5. MONITORING OF AND REPORTING ON THE ACHIEVEMENT
OF THE RISK MANAGEMENT STRATEGY


As already mentioned above, this element includes the assessment of whether or 
not key milestones are achieved. More importantly it is also monitoring whether 
the risk management strategy is producing the sustainable outcomes as originally 
envisaged. This falls within the scope of the responsibilities of the Chief Risk 
Officer, Accounting Authority, and the Audit Committee. During the initial stages of 
implementation of the RM Strategy, a brief report should be prepared to serve 
before the Accounting Authority on a monthly basis of which the frequency can be 
extended to quarterly and eventually biannually. 

The Accounting Authority must evaluate the progress as contained in the report 
and endeavour to resolve hurdles that are inhibiting the RM implementation plan. 
The report plus the Accounting Authority’s comment / recommendation should 
then be submitted to the Audit Committee. 

6. ASSURANCE 

This process is inseparable from ERM and is as important as the aforementioned. 
A combined assurance plan must be compiled from the risk analysis. This will 
enable management to assign resources efficiently to mitigate the risks to an 
acceptable level and to identify who is responsible for each risk. The District 
Municipality will also on a continuous basis be informed of assurance (or not) that 
risks are being managed efficiently, effectively and economically. 

7. RISK MANAGEMENT IMPLEMENTATION PLAN

This document will be known as the Risk Management Strategy. The Risk 
Management Strategy focuses on the broad principles and depending on the merit a 
separate risk management implementation plan may be developed for a risk activity.
These plans will form part of the monitoring of the achievement of the Risk
Management Strategy. 

8. REVIEW OF RISK MANAGEMENT STRATEGY 


The Committee shall review the risk management strategy and recommend to 
Council for approval any amendments that may be required. 






